@cedros/login-react 0.0.1

package/dist/google-only.d.ts

@@ -0,0 +1,13 @@
+/**
+ * @cedros/login-react/google-only
+ *
+ * Bundle with only Google OAuth authentication (~25KB).
+ */
+export { CedrosLoginProvider } from './context/CedrosLoginProvider';
+export { useCedrosLogin } from './context/useCedrosLogin';
+export { GoogleLoginButton } from './components/google/GoogleLoginButton';
+export { LoadingSpinner } from './components/shared/LoadingSpinner';
+export { ErrorMessage } from './components/shared/ErrorMessage';
+export { useAuth } from './hooks/useAuth';
+export { useGoogleAuth } from './hooks/useGoogleAuth';
+export type { AuthMethod, AuthUser, TokenPair, AuthError, AuthErrorCode, AuthResponse, AuthState, SessionStorage, ThemeMode, FeatureFlags, SessionConfig, AuthCallbacks, ThemeOverrides, CedrosLoginConfig, } from './types';

package/dist/google-only.js

@@ -0,0 +1,11 @@
+import { C as e, E as r, L as a, a as u, u as g } from "./ErrorMessage-Bm1j5mBT.js";
+import { G as i, u as t } from "./GoogleLoginButton-CvDoOc-0.js";
+export {
+  e as CedrosLoginProvider,
+  r as ErrorMessage,
+  i as GoogleLoginButton,
+  a as LoadingSpinner,
+  u as useAuth,
+  g as useCedrosLogin,
+  t as useGoogleAuth
+};

package/dist/google-only.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-only.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;"}

package/dist/hooks/useAdminDeposits.d.ts

@@ -0,0 +1,10 @@
+import { UseAdminDepositsReturn } from '../types/deposit';
+export type { UseAdminDepositsReturn } from '../types/deposit';
+/**
+ * Hook for admin Privacy Cash deposit operations
+ *
+ * Requires system admin privileges. All methods will fail with 403 if not admin.
+ *
+ * Safe to call outside CedrosLoginProvider - returns no-op functions that throw.
+ */
+export declare function useAdminDeposits(): UseAdminDepositsReturn;

package/dist/hooks/useAdminUsers.d.ts

@@ -0,0 +1,28 @@
+import { UseAdminUsersReturn } from '../types';
+/**
+ * Hook for admin user management operations
+ *
+ * Provides methods to list all users, get individual users,
+ * and manage system admin status. Requires system admin privileges.
+ *
+ * @example
+ * ```tsx
+ * function UserManagement() {
+ *   const { users, total, isLoading, listUsers, setSystemAdmin } = useAdminUsers();
+ *
+ *   useEffect(() => {
+ *     listUsers({ limit: 20 });
+ *   }, [listUsers]);
+ *
+ *   return (
+ *     <AdminUserList
+ *       users={users}
+ *       total={total}
+ *       isLoading={isLoading}
+ *       onToggleAdmin={(userId, isAdmin) => setSystemAdmin(userId, isAdmin)}
+ *     />
+ *   );
+ * }
+ * ```
+ */
+export declare function useAdminUsers(): UseAdminUsersReturn;

package/dist/hooks/useAppleAuth.d.ts

@@ -0,0 +1,52 @@
+import { AuthResponse, AuthError } from '../types';
+export interface UseAppleAuthReturn {
+    signIn: () => Promise<AuthResponse>;
+    isLoading: boolean;
+    isInitialized: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+}
+/**
+ * Hook for Apple Sign In authentication.
+ *
+ * @example
+ * ```tsx
+ * function AppleButton() {
+ *   const { signIn, isLoading, isInitialized, error } = useAppleAuth();
+ *
+ *   return (
+ *     <button onClick={signIn} disabled={!isInitialized || isLoading}>
+ *       {isLoading ? 'Signing in...' : 'Sign in with Apple'}
+ *     </button>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAppleAuth(): UseAppleAuthReturn;
+declare global {
+    interface Window {
+        AppleID?: {
+            auth?: {
+                init: (config: {
+                    clientId: string;
+                    scope: string;
+                    redirectURI: string;
+                    usePopup?: boolean;
+                }) => void;
+                signIn: () => Promise<{
+                    authorization?: {
+                        id_token?: string;
+                        code?: string;
+                    };
+                    user?: {
+                        email?: string;
+                        name?: {
+                            firstName?: string;
+                            lastName?: string;
+                        };
+                    };
+                }>;
+            };
+        };
+    }
+}

package/dist/hooks/useAuth.d.ts

@@ -0,0 +1,34 @@
+import { AuthUser, AuthState, AuthError } from '../types';
+export interface UseAuthReturn {
+    user: AuthUser | null;
+    authState: AuthState;
+    error: AuthError | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    logout: () => Promise<void>;
+    refreshUser: () => Promise<void>;
+    openLoginModal: () => void;
+    closeLoginModal: () => void;
+}
+/**
+ * Main authentication hook providing user state and actions.
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const { user, isAuthenticated, logout, openLoginModal } = useAuth();
+ *
+ *   if (!isAuthenticated) {
+ *     return <button onClick={openLoginModal}>Login</button>;
+ *   }
+ *
+ *   return (
+ *     <div>
+ *       <p>Welcome, {user?.name}</p>
+ *       <button onClick={logout}>Logout</button>
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAuth(): UseAuthReturn;

package/dist/hooks/useAuthSession.d.ts

@@ -0,0 +1,19 @@
+import { AuthUser, AuthState, TokenPair, SessionConfig, AuthCallbacks } from '../types';
+export interface UseAuthSessionOptions {
+    serverUrl: string;
+    session?: SessionConfig;
+    callbacks?: AuthCallbacks;
+    requestTimeoutMs?: number;
+}
+export interface UseAuthSessionReturn {
+    user: AuthUser | null;
+    authState: AuthState;
+    handleLoginSuccess: (user: AuthUser, tokens?: TokenPair) => void;
+    logout: () => Promise<void>;
+    refreshUser: () => Promise<void>;
+    getAccessToken: () => string | null;
+}
+/**
+ * Hook that manages authentication session state, token refresh, and tab sync.
+ */
+export declare function useAuthSession({ serverUrl, session, callbacks, requestTimeoutMs, }: UseAuthSessionOptions): UseAuthSessionReturn;

package/dist/hooks/useAuthorize.d.ts

@@ -0,0 +1,62 @@
+import { AuthorizeRequest, AuthError } from '../types';
+export interface AuthorizationCheck {
+    allowed: boolean;
+    reason?: string;
+    isLoading: boolean;
+    error: AuthError | null;
+}
+export interface UseAuthorizeReturn {
+    /**
+     * Check if an action is authorized server-side.
+     * Use this for dynamic authorization checks.
+     */
+    authorize: (request: AuthorizeRequest) => Promise<boolean>;
+    /**
+     * Authorization state for the last check
+     */
+    lastCheck: AuthorizationCheck;
+    /**
+     * Clear the last authorization check
+     */
+    clearCheck: () => void;
+    /**
+     * Check authorization and return detailed result
+     */
+    checkAuthorization: (request: AuthorizeRequest) => Promise<AuthorizationCheck>;
+}
+/**
+ * Hook for server-side authorization checks.
+ *
+ * This hook allows you to check if a specific action is authorized
+ * by making a request to the server's /authorize endpoint.
+ *
+ * For simple permission checks based on the user's role, use `useOrgs().hasPermission()` instead.
+ *
+ * @example
+ * ```tsx
+ * function DeleteButton({ resourceId }: { resourceId: string }) {
+ *   const { authorize, lastCheck } = useAuthorize();
+ *   const { activeOrg } = useOrgs();
+ *
+ *   const handleDelete = async () => {
+ *     const allowed = await authorize({
+ *       orgId: activeOrg?.id!,
+ *       action: 'delete',
+ *       resource: 'document',
+ *       resourceId,
+ *     });
+ *
+ *     if (allowed) {
+ *       // Proceed with delete
+ *     }
+ *   };
+ *
+ *   return (
+ *     <button onClick={handleDelete} disabled={lastCheck.isLoading}>
+ *       Delete
+ *     </button>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAuthorize(): UseAuthorizeReturn;

package/dist/hooks/useCredits.d.ts

@@ -0,0 +1,11 @@
+import { UseCreditsReturn } from '../types/deposit';
+export type { UseCreditsReturn } from '../types/deposit';
+/**
+ * Hook for credit balance and transaction history
+ *
+ * Credits represent the user's balance from Privacy Cash deposits.
+ * The balance can be used for services within the application.
+ *
+ * Safe to call outside CedrosLoginProvider - returns no-op functions that throw.
+ */
+export declare function useCredits(): UseCreditsReturn;

package/dist/hooks/useDeposit.d.ts

@@ -0,0 +1,16 @@
+import { UseDepositReturn } from '../types/deposit';
+export type { UseDepositReturn } from '../types/deposit';
+/**
+ * Hook for Privacy Cash deposit operations
+ *
+ * Deposits go to the user's Privacy Cash account (user's pubkey is owner).
+ * Credits are issued immediately, withdrawal to company wallet happens later.
+ *
+ * Requirements:
+ * - User must have SSS wallet enrolled
+ * - Wallet must be unlocked (call POST /wallet/unlock first)
+ * - Wallet must be in "no recovery" mode
+ *
+ * Safe to call outside CedrosLoginProvider - returns no-op functions that throw.
+ */
+export declare function useDeposit(): UseDepositReturn;

package/dist/hooks/useEmailAuth.d.ts

@@ -0,0 +1,60 @@
+import { AuthResponse, AuthError } from '../types';
+/** Result when MFA verification is required */
+export interface MfaRequiredResult {
+    mfaRequired: true;
+    mfaToken: string;
+    email: string;
+    userId: string;
+}
+/** Result of successful login (no TOTP required or after TOTP verification) */
+export interface LoginSuccessResult {
+    mfaRequired: false;
+    response: AuthResponse;
+}
+/** Union type for login result */
+export type LoginResult = MfaRequiredResult | LoginSuccessResult;
+export interface UseEmailAuthReturn {
+    /** Login - may return mfaRequired if 2FA is enabled */
+    login: (email: string, password: string) => Promise<LoginResult>;
+    register: (email: string, password: string, name?: string) => Promise<AuthResponse>;
+    isLoading: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+    /**
+     * Number of remaining login attempts before rate limiting.
+     *
+     * M-10: Snapshot Behavior
+     * This value is a point-in-time snapshot computed at render time.
+     * It may be briefly stale during rapid requests or concurrent renders.
+     * For UI display only - actual rate limiting is enforced inside login/register.
+     */
+    remainingAttempts: number;
+    /**
+     * Time in ms until rate limit resets (0 if not rate limited).
+     *
+     * M-10: Snapshot Behavior
+     * This value is a point-in-time snapshot computed at render time.
+     * It may be briefly stale - use for UI display, not for logic decisions.
+     */
+    timeUntilReset: number;
+}
+/**
+ * Hook for email/password authentication.
+ *
+ * @example
+ * ```tsx
+ * function LoginForm() {
+ *   const { login, isLoading, error } = useEmailAuth();
+ *
+ *   const handleSubmit = async (e) => {
+ *     e.preventDefault();
+ *     try {
+ *       await login(email, password);
+ *     } catch (err) {
+ *       // Handle error
+ *     }
+ *   };
+ * }
+ * ```
+ */
+export declare function useEmailAuth(): UseEmailAuthReturn;

package/dist/hooks/useGoogleAuth.d.ts

@@ -0,0 +1,67 @@
+import { AuthResponse, AuthError } from '../types';
+/** @internal */
+export declare const _internalGoogleScriptLoader: {
+    loading: boolean;
+    loaded: boolean;
+    error: Error | null;
+    callbacks: Array<{
+        resolve: () => void;
+        reject: (err: Error) => void;
+    }>;
+    load(): Promise<void>;
+    /**
+     * Reset singleton state for test isolation (F-08)
+     * @internal - Only use in test setup/teardown
+     */
+    _reset(): void;
+};
+export interface UseGoogleAuthReturn {
+    signIn: () => Promise<AuthResponse>;
+    isLoading: boolean;
+    isInitialized: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+}
+/**
+ * Hook for Google OAuth authentication.
+ *
+ * @example
+ * ```tsx
+ * function GoogleButton() {
+ *   const { signIn, isLoading, isInitialized, error } = useGoogleAuth();
+ *
+ *   return (
+ *     <button onClick={signIn} disabled={!isInitialized || isLoading}>
+ *       {isLoading ? 'Signing in...' : 'Sign in with Google'}
+ *     </button>
+ *   );
+ * }
+ * ```
+ */
+export declare function useGoogleAuth(): UseGoogleAuthReturn;
+declare global {
+    interface Window {
+        google?: {
+            accounts?: {
+                id?: {
+                    initialize: (config: {
+                        client_id: string;
+                        callback: (response: {
+                            credential: string;
+                        }) => void;
+                        auto_select?: boolean;
+                        cancel_on_tap_outside?: boolean;
+                    }) => void;
+                    prompt: (callback: (notification: {
+                        isNotDisplayed: () => boolean;
+                        isSkippedMoment: () => boolean;
+                        isDismissedMoment: () => boolean;
+                        getMomentType: () => string;
+                    }) => void) => void;
+                    renderButton: (element: HTMLElement, config: object) => void;
+                    disableAutoSelect: () => void;
+                };
+            };
+        };
+    }
+}

package/dist/hooks/useInstantLink.d.ts

@@ -0,0 +1,42 @@
+import { AuthError, AuthResponse, MfaRequiredResponse } from '../types';
+export interface UseInstantLinkReturn {
+    /** Send an instant link email to the given address */
+    sendInstantLink: (email: string) => Promise<void>;
+    /** Verify an instant link token and sign in */
+    verifyInstantLink: (token: string) => Promise<AuthResponse | MfaRequiredResponse>;
+    /** Whether a request is in progress */
+    isLoading: boolean;
+    /** Whether the instant link was sent successfully */
+    isSuccess: boolean;
+    /** Error from the last request */
+    error: AuthError | null;
+    /** Clear the error state */
+    clearError: () => void;
+    /** Reset to initial state */
+    reset: () => void;
+    /** Number of remaining attempts before rate limiting */
+    remainingAttempts: number;
+}
+/**
+ * Hook for instant link (passwordless) authentication.
+ *
+ * Sends an instant link email that allows the user to sign in
+ * without entering their password.
+ *
+ * @example
+ * ```tsx
+ * function InstantLinkForm() {
+ *   const { sendInstantLink, isLoading, isSuccess, error } = useInstantLink();
+ *
+ *   const handleSubmit = async (e) => {
+ *     e.preventDefault();
+ *     await sendInstantLink(email);
+ *   };
+ *
+ *   if (isSuccess) {
+ *     return <p>Check your email for the sign-in link</p>;
+ *   }
+ * }
+ * ```
+ */
+export declare function useInstantLink(): UseInstantLinkReturn;

package/dist/hooks/useInvites.d.ts

@@ -0,0 +1,57 @@
+import { Invite, OrgRole, AuthError, AcceptInviteResponse } from '../types';
+export interface UseInvitesReturn {
+    /** List of pending invites */
+    invites: Invite[];
+    /** Total pending invites available on the server */
+    total: number;
+    /** Loading state */
+    isLoading: boolean;
+    /** Error state */
+    error: AuthError | null;
+    /** Fetch/refresh invites list */
+    fetchInvites: (options?: {
+        limit?: number;
+        offset?: number;
+    }) => Promise<void>;
+    /** Create a new invite */
+    createInvite: (email: string, role?: Exclude<OrgRole, 'owner'>) => Promise<void>;
+    /** Cancel a pending invite */
+    cancelInvite: (inviteId: string) => Promise<void>;
+    /** Resend an invite email */
+    resendInvite: (inviteId: string) => Promise<void>;
+    /** Accept an invite (public) */
+    acceptInvite: (token: string) => Promise<AcceptInviteResponse>;
+}
+/**
+ * Hook for managing organization invites.
+ *
+ * @param orgId - The organization ID to manage invites for
+ *
+ * @example
+ * ```tsx
+ * function InviteManager() {
+ *   const { activeOrg } = useOrgs();
+ *   const { invites, createInvite, cancelInvite, resendInvite } = useInvites(activeOrg?.id);
+ *
+ *   const handleInvite = async (email: string) => {
+ *     await createInvite(email, 'member');
+ *   };
+ *
+ *   return (
+ *     <div>
+ *       <InviteForm onSubmit={handleInvite} />
+ *       <ul>
+ *         {invites.map(invite => (
+ *           <li key={invite.id}>
+ *             {invite.email} ({invite.role})
+ *             <button onClick={() => resendInvite(invite.id)}>Resend</button>
+ *             <button onClick={() => cancelInvite(invite.id)}>Cancel</button>
+ *           </li>
+ *         ))}
+ *       </ul>
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useInvites(orgId: string | undefined): UseInvitesReturn;

package/dist/hooks/useMembers.d.ts

@@ -0,0 +1,52 @@
+import { Member, OrgRole, AuthError } from '../types';
+export interface UseMembersReturn {
+    /** List of members */
+    members: Member[];
+    /** Total members available on the server */
+    total: number;
+    /** Loading state */
+    isLoading: boolean;
+    /** Error state */
+    error: AuthError | null;
+    /** Fetch/refresh members list */
+    fetchMembers: (options?: {
+        limit?: number;
+        offset?: number;
+    }) => Promise<void>;
+    /** Update a member's role */
+    updateMemberRole: (userId: string, role: OrgRole) => Promise<void>;
+    /** Remove a member */
+    removeMember: (userId: string) => Promise<void>;
+}
+/**
+ * Hook for managing organization members.
+ *
+ * @param orgId - The organization ID to manage members for
+ *
+ * @example
+ * ```tsx
+ * function MembersList() {
+ *   const { activeOrg } = useOrgs();
+ *   const { members, isLoading, updateMemberRole, removeMember } = useMembers(activeOrg?.id);
+ *
+ *   if (!activeOrg) return null;
+ *
+ *   return (
+ *     <ul>
+ *       {members.map(member => (
+ *         <li key={member.id}>
+ *           {member.user.name} - {member.role}
+ *           <button onClick={() => updateMemberRole(member.userId, 'admin')}>
+ *             Make Admin
+ *           </button>
+ *           <button onClick={() => removeMember(member.userId)}>
+ *             Remove
+ *           </button>
+ *         </li>
+ *       ))}
+ *     </ul>
+ *   );
+ * }
+ * ```
+ */
+export declare function useMembers(orgId: string | undefined): UseMembersReturn;

package/dist/hooks/useOrgs.d.ts

@@ -0,0 +1,49 @@
+import { OrgWithMembership, Organization, CreateOrgRequest, UpdateOrgRequest, Permission, OrgRole, AuthError } from '../types';
+export interface UseOrgsReturn {
+    /** All organizations the user belongs to */
+    orgs: OrgWithMembership[];
+    /** Currently active organization */
+    activeOrg: OrgWithMembership | null;
+    /** User's permissions in the active org */
+    permissions: Permission[];
+    /** User's role in the active org */
+    role: OrgRole | null;
+    /** Loading state */
+    isLoading: boolean;
+    /** Error state */
+    error: AuthError | null;
+    /** Fetch/refresh organizations list */
+    fetchOrgs: () => Promise<void>;
+    /** Switch to a different organization */
+    switchOrg: (orgId: string) => Promise<void>;
+    /** Create a new organization */
+    createOrg: (data: CreateOrgRequest) => Promise<Organization>;
+    /** Update an organization */
+    updateOrg: (orgId: string, data: UpdateOrgRequest) => Promise<Organization>;
+    /** Delete an organization */
+    deleteOrg: (orgId: string) => Promise<void>;
+    /** Check if user has a specific permission */
+    hasPermission: (permission: Permission) => boolean;
+}
+/**
+ * Hook for managing organizations, memberships, and permissions.
+ *
+ * @example
+ * ```tsx
+ * function OrgSelector() {
+ *   const { orgs, activeOrg, switchOrg, hasPermission } = useOrgs();
+ *
+ *   return (
+ *     <select
+ *       value={activeOrg?.id}
+ *       onChange={(e) => switchOrg(e.target.value)}
+ *     >
+ *       {orgs.map(org => (
+ *         <option key={org.id} value={org.id}>{org.name}</option>
+ *       ))}
+ *     </select>
+ *   );
+ * }
+ * ```
+ */
+export declare function useOrgs(): UseOrgsReturn;

package/dist/hooks/usePasswordReset.d.ts

@@ -0,0 +1,32 @@
+import { AuthError } from '../types';
+export interface UsePasswordResetReturn {
+    forgotPassword: (email: string) => Promise<void>;
+    resetPassword: (token: string, newPassword: string) => Promise<void>;
+    isLoading: boolean;
+    isSuccess: boolean;
+    error: AuthError | null;
+    clearError: () => void;
+    reset: () => void;
+    /** Number of remaining attempts before rate limiting */
+    remainingAttempts: number;
+}
+/**
+ * Hook for password reset functionality.
+ *
+ * @example
+ * ```tsx
+ * function ForgotPasswordForm() {
+ *   const { forgotPassword, isLoading, isSuccess, error } = usePasswordReset();
+ *
+ *   const handleSubmit = async (e) => {
+ *     e.preventDefault();
+ *     await forgotPassword(email);
+ *   };
+ *
+ *   if (isSuccess) {
+ *     return <p>Check your email for reset instructions</p>;
+ *   }
+ * }
+ * ```
+ */
+export declare function usePasswordReset(): UsePasswordResetReturn;

package/dist/hooks/usePendingRecovery.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Hook for pending wallet recovery management
+ *
+ * After wallet enrollment, if recovery mode is enabled, the server stores
+ * recovery data temporarily. This hook fetches that data and allows the
+ * user to acknowledge receipt (after which the data is deleted from server).
+ */
+export interface UsePendingRecoveryReturn {
+    /** Whether there is pending recovery data */
+    hasPendingRecovery: boolean;
+    /** Recovery type: 'share_c' or 'full_seed' */
+    recoveryType: string | null;
+    /** Recovery phrase (base64-encoded seed) */
+    recoveryPhrase: string | null;
+    /** When the recovery data expires */
+    expiresAt: Date | null;
+    /** Fetch pending recovery data from server */
+    fetchPendingRecovery: () => Promise<void>;
+    /** Acknowledge that user has saved the recovery phrase (deletes from server) */
+    acknowledgeRecovery: () => Promise<void>;
+    /** Whether request is in progress */
+    isLoading: boolean;
+    /** Error from last request */
+    error: string | null;
+    /** Clear error */
+    clearError: () => void;
+}
+/**
+ * Hook for managing pending wallet recovery data
+ *
+ * Use this after wallet enrollment to show the user their recovery phrase
+ * and allow them to acknowledge receipt.
+ */
+export declare function usePendingRecovery(): UsePendingRecoveryReturn;